AAAA requests on IPv6-disconnected system: bug of feature?

2017-05-04 Thread Marat Khalili
Postfix is installed as forwarder to a fixed relay in a system with no 
IPv6 addresses (disabled system-wide by net.ipv6.conf.*.disable_ipv6 
lines in sysctl). Still, for each message it separately requests both A 
and AAAA records of the relay from DNS, as I verified by tcpdump. Is it 
a bug or feature? (Yes I know I can explicitly disable IPv6 in postfix 
configuration too, but that's not the point.)


My investigation actually started with the following lines in mail.log, 
which may or may not be related:


May  4 07:52:16 postfix postfix/scache[1518]: statistics: domain lookup hits=0 miss=3 success=0%


(3 messages were sent in this interval; there are always 0 hits and 0% 
success rate.)


I'm using Postfix 3.1.0-3 under Ubuntu 16.04. Relay is secure.emailsrvr.com.

--

With Best Regards,
Marat Khalili


transport_maps

2017-05-04 Thread volodymyr.lytvyne...@ukrsotsbank.com
Hi. I have the following transport_maps in main.cf:
/etc/postfix/main.cf:
    transport_maps = pipemap:{
        inline:{unicredit.ua=x, ukrsotsbank.com=x},
        randmap:{smtp:[mx1.ukrsotsbank.com], smtp:[mx2.ukrsotsbank.com]}
    }

How can I add another domain to another set of randmap destinations?


Best regards,
Vladimir Litvinenko

SSO Delivery Technical Support Specialist "IT Innovations Ukraine" Ltd.


Re: transport_maps

2017-05-04 Thread Viktor Dukhovni

> On May 4, 2017, at 8:31 AM, volodymyr.lytvyne...@ukrsotsbank.com wrote:
> 
> transport_maps = pipemap:{
>   inline:{unicredit.ua=x, ukrsotsbank.com=x},
>   randmap:{smtp:[mx1.ukrsotsbank.com], smtp:[mx2.ukrsotsbank.com]}
> }
> 
> How can I add another domain to another set of randmap destinations?

The transport_maps parameter takes a list of tables, so you could append
another pipemap to the list that handles the additional domain that uses
a different list of smtp nexthop values.  However, I think this is a fairly
clumsy way of doing MX load-balancing.  Instead I would:

  * Run a local DNS resolver on the MTA listening for requests on the loopback
    address (127.0.0.1) and configured with local data for the
    "localhost" TLD (https://tools.ietf.org/html/rfc2606#section-2)

  * Configure /etc/resolv.conf to use only the local (127.0.0.1) resolver.

  * Configure the resolver (BIND syntax) to serve:

        unicredit.ua.localhost. IN MX 0 mx1.ukrsotsbank.com.
        unicredit.ua.localhost. IN MX 0 mx2.ukrsotsbank.com.
        ;
        ukrsotsbank.com.localhost. IN MX 0 mx1.ukrsotsbank.com.
        ukrsotsbank.com.localhost. IN MX 0 mx2.ukrsotsbank.com.
        ;
        ; More domains with arbitrary custom MX hosts

  * Configure a regular file-based transport table as follows:

    transport:
        # RHS values without [] around an smtp nexthop do MX lookups
        unicredit.ua    smtp:unicredit.ua.localhost
        ukrsotsbank.com smtp:ukrsotsbank.com.localhost
        ...

Don't forget to postmap the table after it changes and set:

    main.cf:
        indexed = ${default_database_type}:${config_directory}/
        transport_maps = ${indexed}transport

-- 
Viktor.
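
Added example, not part of the message above and not Postfix or BIND code: a Python sketch that generates both the MX records under the "localhost" TLD and the matching transport table from a single mapping, so the two files cannot drift apart. It rejects any name that is not plain letter-digit-hyphen labels, since a stray space or bracket would change the meaning of a zone or transport line. ROUTES, check_name, zone_records and transport_table are hypothetical names, and the sample mapping is constructed from the domains in the thread.

```python
import re

# Constructed sample input: recipient domain -> MX hosts to balance across.
ROUTES = {
    "unicredit.ua": ["mx1.ukrsotsbank.com", "mx2.ukrsotsbank.com"],
    "ukrsotsbank.com": ["mx1.ukrsotsbank.com", "mx2.ukrsotsbank.com"],
}

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def check_name(name):
    """Return the normalised hostname, or raise ValueError if it is not LDH labels."""
    name = name.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2 or not all(_LABEL.fullmatch(l) for l in labels):
        raise ValueError(f"not a valid DNS name: {name!r}")
    return name


def zone_records(routes, pref=0):
    """BIND-syntax MX records; equal preference makes the MTA pick among hosts."""
    lines = []
    for domain in sorted(routes):
        owner = check_name(domain) + ".localhost."
        if not routes[domain]:
            raise ValueError(f"no MX hosts listed for {domain!r}")
        for mx in routes[domain]:
            lines.append(f"{owner} IN MX {pref} {check_name(mx)}.")
    return "\n".join(lines) + "\n"


def transport_table(routes):
    """transport(5) entries; no [] around the nexthop, so Postfix does the MX lookup."""
    return "".join(
        f"{check_name(d)} smtp:{check_name(d)}.localhost\n" for d in sorted(routes)
    )


if __name__ == "__main__":
    print(zone_records(ROUTES), end="")
    print(transport_table(ROUTES), end="")
```

The transport output still has to be written to the table file and run through postmap, as the message says.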



Re: AAAA requests on IPv6-disconnected system: bug of feature?

2017-05-04 Thread Wietse Venema
Marat Khalili:
> Postfix is installed as forwarder to a fixed relay in a system with no 
> IPv6 addresses (disabled system-wide by net.ipv6.conf.*.disable_ipv6 
> lines in sysctl). Still, for each message it separately requests both A 
> and AAAA records of the relay from DNS, as I verified by tcpdump. Is it 
> a bug or feature? (Yes I know I can explicitly disable IPv6 in postfix 
> configuration too, but that's not the point.)

Postfix from me installs with IPv6 turned off. Complain with your
distributor if they change that.

Wietse

> My investigation actually started with the following lines in mail.log, 
> which may or may not be related:
> 
> > May  4 07:52:16 postfix postfix/scache[1518]: statistics: domain 
> > lookup hits=0 miss=3 success=0%
> 
> (3 messages were sent in this interval; there are always 0 hits and 0% 
> success rate.)
> 
> I'm using Postfix 3.1.0-3 under Ubuntu 16.04. Relay is secure.emailsrvr.com.
> 
> --
> 
> With Best Regards,
> Marat Khalili
> 


Re: AAAA requests on IPv6-disconnected system: bug of feature?

2017-05-04 Thread Viktor Dukhovni

> On May 4, 2017, at 4:05 AM, Marat Khalili wrote:
> 
> Postfix is installed as forwarder to a fixed relay in a system with
> no IPv6 addresses (disabled system-wide by net.ipv6.conf.*.disable_ipv6
> lines in sysctl). Still, for each message it separately requests both
> A and AAAA records of the relay from DNS, as I verified by tcpdump.
> Is it a bug or feature?

To disable outbound IPv6 in Postfix set "inet_protocols = ipv4".  If you set
"inet_protocols" to some other value, then Postfix will do nexthop IPv6 lookups.

> (Yes I know I can explicitly disable IPv6 in postfix configuration too, but 
> that's not the point.)

Actually, that is the point.  If IPv6 lookups are enabled, then they are 
performed.

> My investigation actually started with the following lines in mail.log, which 
> may or may not be related:
> 
>> May  4 07:52:16 postfix postfix/scache[1518]: statistics: domain lookup 
>> hits=0 miss=3 success=0%
> 
> (3 messages were sent in this interval; there are always 0 hits and 0% 
> success rate.)

This is unrelated to the IPv6 question.

-- 
Viktor.



Re: AAAA requests on IPv6-disconnected system: bug of feature?

2017-05-04 Thread Marat Khalili

> To disable outbound IPv6 in Postfix set "inet_protocols = ipv4".  If you set
> "inet_protocols" to some other value, then Postfix will do nexthop IPv6 lookups.

What will happen in my current setup if AAAA response suddenly becomes 
non-empty? Will it fail to send the message?


--

With Best Regards,
Marat Khalili



Re: AAAA requests on IPv6-disconnected system: bug of feature?

2017-05-04 Thread Marat Khalili

> Postfix from me installs with IPv6 turned off. Complain with your
> distributor if they change that.


Indeed default inet_protocols value in my distribution is "all", both in 
configuration created by install script and when corresponding line is 
commented out. Do you mean, it is not supposed to be this way?



--

With Best Regards,
Marat Khalili


Re: AAAA requests on IPv6-disconnected system: bug of feature?

2017-05-04 Thread Viktor Dukhovni
On Thu, May 04, 2017 at 05:18:55PM +0300, Marat Khalili wrote:

> > Postfix from me installs with IPv6 turned off. Complain with your
> > distributor if they change that.
> 
> Indeed default inet_protocols value in my distribution is "all", both in
> configuration created by install script and when corresponding line is
> commented out. Do you mean, it is not supposed to be this way?

The compiled in default is "all", but the prototype "main.cf" file included
with Postfix sources has "ipv4".

$ postconf -d inet_protocols
inet_protocols = all

$ grep inet_protocols conf/main.cf
inet_protocols = ipv4

On Thu, May 04, 2017 at 05:17:01PM +0300, Marat Khalili wrote:

> > To disable outbound IPv6 in Postfix set "inet_protocols = ipv4".  If you set
> > "inet_protocols" to some other value, then Postfix will do nexthop IPv6 
> > lookups.
>
> What will happen in my current setup if AAAA response suddenly becomes
> non-empty? Will it fail to send the message?

Since IPv6 connections can't/won't complete, all messages will of
course be sent via IPv4.  With the address family not enabled in the
kernel, IPv6 failure will be fast (likely the socket(PF_INET6, ...)
system call will fail) and the only effect is a bit more logging in
some cases and the time it takes to do the AAAA lookups.

-- 
Viktor.


Re: AAAA requests on IPv6-disconnected system: bug of feature?

2017-05-04 Thread Wietse Venema
Marat Khalili:
> > Postfix from me installs with IPv6 turned off. Complain with your
> > distributor if they change that.
> 
> Indeed default inet_protocols value in my distribution is "all", both in 
> configuration created by install script and when corresponding line is 
> commented out. Do you mean, it is not supposed to be this way?

I am not talking about the default. 

I am talking about "Postfix from me INSTALLS with ipv6 turned off".

Wietse


Re: AAAA requests on IPv6-disconnected system: bug of feature?

2017-05-04 Thread Scott Kitterman
On Thursday, May 04, 2017 12:56:05 PM Wietse Venema wrote:
> Marat Khalili:
> > > Postfix from me installs with IPv6 turned off. Complain with your
> > > distributor if they change that.
> > 
> > Indeed default inet_protocols value in my distribution is "all", both in
> > configuration created by install script and when corresponding line is
> > commented out. Do you mean, it is not supposed to be this way?
> 
> I am not talking about the default.
> 
> I am talking about "Postfix from me INSTALLS with ipv6 turned off".

Since this is about Postfix as shipped by Ubuntu and as packaged by Debian, 
the bug tracker for one of those distributions is the appropriate place for 
this discussion, not here.  Apologies for not noticing which distro this was 
about sooner.

Scott K